7.4AI Score
EPSS
Exploit for Improper Initialization in Linux Linux Kernel
CVE-2022-0847 The Dirty Pipe Vulnerability For educational...
7.8CVSS
8.2AI Score
0.076EPSS
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to...
6.5CVSS
6.9AI Score
0.0004EPSS
Exploit for OS Command Injection in Php
CVE-2024-4577: PHP CGI Argument Injection (XAMPP) 💀...
9.8CVSS
10AI Score
0.967EPSS
CVE-2024-31982 CVEHunter tool for vulnerability detection and...
10CVSS
7AI Score
0.001EPSS
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the...
8.8CVSS
8.5AI Score
0.001EPSS
9.8CVSS
7.7AI Score
0.106EPSS
A logic flaw exists in Ansible Automation platform. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and...
6.3CVSS
6AI Score
0.001EPSS
Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted....
8.8CVSS
6.9AI Score
0.0004EPSS
🚀 CVE-2024-29269 Exploit This repository contains an exploit...
8.3AI Score
0.001EPSS
smartdoms.com Cross Site Scripting vulnerability OBB-3918577
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the...
6.6AI Score
0.002EPSS
Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that...
7.8CVSS
8.2AI Score
0.001EPSS
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, falcoctl, nri-jmx, xcaddy, kaniko, capslock, nri-consul, snyk-cli, spicedb, velero-plugin-for-aws, ollama, kube-vip, timestamp-authority, pulumi-language-dotnet, runc, vault-csi-provider, trivy, nats-server, telegraf, supercronic, nri-nginx,....
7.5AI Score
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6079 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers...
6.5CVSS
6.7AI Score
0.001EPSS
Rockwell Automation MicroLogix 1100 PLC < FRN 10.0 Authentication Mechanism DoS
The Rockwell Automation MicroLogix 1100 PLC integrated web server is a firmware version that is prior to FRN 10.0. It is, therefore, affected by a denial of service vulnerability due to a failure of the authentication mechanism to properly handle remote connections or commands. A remote attacker...
2.3AI Score
Siemens Automation License Manager 'almaxcx.dll' ActiveX Arbitrary File Overwrite Vulnerability
The remote host has the almaxcx.dll ActiveX control that is affected by an arbitrary file overwrite vulnerability that can be triggered by providing an absolute path when calling the control's Save() method in a specially crafted HTML...
2.3AI Score
Exploit for Untrusted Pointer Dereference in Microsoft
nullmap A very simple driver manual mapper based on my older...
8.6AI Score
kshs.org Cross Site Scripting vulnerability OBB-3918946
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Rockwell Automation was made aware of a vulnerability that causes all affected controllers on the same network to result in a major nonrecoverable fault(MNRF/Assert). This vulnerability could be exploited by sending abnormal packets to the mDNS port. If exploited, the availability of the device...
6.8AI Score
0.0004EPSS
Fatek Automation FvDesigner FPJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation FvDesigner. User interaction is required to exploit this vulnerability in that...
7.8CVSS
7.5AI Score
0.001EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5758 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
7.5CVSS
8.1AI Score
0.001EPSS
Siemens Automation License Manager CVE-2012-4691 Denial of Service
The remote host has a version of Siemens Automation License Manager installed that is affected by an excessive memory consumption denial of service vulnerability that can be triggered by sending a specially crafted packet to the Automation Licensing Manager TCP service listening on port...
3.9AI Score
0.001EPSS
Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this...
6.5CVSS
6.6AI Score
0.0005EPSS
Unified Automation UaGateway OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authentication is required to exploit this...
6.5CVSS
6.6AI Score
0.0005EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0733 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
8.1CVSS
7.6AI Score
0.001EPSS
Summary IBM Business Automation Workflow reintroduced an outdated version of the Xalan library. Vulnerability Details ** CVEID: CVE-2014-0107 DESCRIPTION: **Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An...
7.5CVSS
10AI Score
0.005EPSS
Summary IBM Event Streams is vulnerable to XSS vulnerability due to Axios component . Axios is a promise-based HTTP library that lets developers make requests to either their own or a third-party server to fetch data. Vulnerability Details ** CVEID: CVE-2023-45857 DESCRIPTION: **Axios is...
6.5CVSS
5.3AI Score
0.001EPSS
RHEL 8 : ansible-runner (RHSA-2022:0108)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0108 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can...
7.8CVSS
6.5AI Score
0.001EPSS
Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their...
9.8CVSS
9.5AI Score
0.002EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6158 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
8.1CVSS
8AI Score
0.001EPSS
Jenkins plugins Multiple Vulnerabilities (2024-05-24)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files,...
4.9CVSS
5AI Score
EPSS
Atlassian Jira Server/Data Center <8.5.8/8.6.0 - 8.11.1 - Information Disclosure
Atlassian Jira Server and Data Center before 8.5.8 and 8.6.0 through 8.11.1 are susceptible to information disclosure via the /secure/QueryComponent!Default.jspa endpoint. An attacker can view custom field names and custom SLA...
5.3CVSS
5AI Score
0.006EPSS
Exploit for Code Injection in Crushftp
CVE-2024-4040 A server side template injection vulnerability...
10CVSS
10AI Score
0.966EPSS
Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local...
2.8CVSS
3.2AI Score
0.0004EPSS
The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4693 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...
7.5CVSS
7.7AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating about potential truncation of output when using the snprintf...
7AI Score
0.0004EPSS
Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local...
5.5CVSS
4.9AI Score
0.001EPSS
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, the web server will crash and need a manual restart to recover...
7.5CVSS
7.7AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: nextcloud-28.0.5-2.fc39
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing r ight on the web. NextCloud is extendable via a simple but powerful API.....
7.3AI Score
[SECURITY] Fedora 40 Update: nextcloud-28.0.5-2.fc40
NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing r ight on the web. NextCloud is extendable via a simple but powerful API.....
7.3AI Score
Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local...
7.2CVSS
7.3AI Score
0.0004EPSS
Inductive Automation Ignition ResponseParser Notification Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit.....
8.8CVSS
9.2AI Score
0.0005EPSS
7.3AI Score
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local...
5.5CVSS
5.7AI Score
0.0004EPSS
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local...
6.8CVSS
7.1AI Score
0.001EPSS
Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network...
6.5CVSS
6.4AI Score
0.001EPSS
RuggedCom RuggedOS (ROS) Web-Based Admin Interface Detection
The remote device is running the RuggedCom RuggedOS (ROS) web-based administration...
2.6AI Score
7.5CVSS
7.3AI Score
0.013EPSS
Exploit for Deserialization of Untrusted Data in Fortra Goanywhere Managed File Transfer
CVE-2023-0669 GoAnywhere MFT suffers from a...
7.2CVSS
7.7AI Score
0.969EPSS